Identity-based network policies enable network administrators to control access to a network based on the type of user and/or device connecting to the network. When a new device connects to a network, it can be assigned an identity by the network provider. The network provider maintains policies for each identity, and each policy is implemented on the network elements of the network to ensure that the new device has the appropriate access level for its assigned identity. One example of an identity server is an Active Directory™ (AD) server, which authenticates a user who logs in through a client device and assigns the user's client device an identity based on the authentication session with the user.